Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

darnellmc writes: "This AP article is about Hong Kong's new smart ID cards (mandatory) with "embedded computer chips that hold names, pictures and birthdates -- as well as a digital template of both thumbprints". The picture in the article shows a man holding them and smiling. The article also mentions "Hong Kong's government backed down on proposals to have the cards carry health and bank records". The Hong Kong government hopes to add optional features like using them as driving licenses and library cards. This government learned nothing from the USA's abuse of the Social Security number, this is much worse. Hoping one card will do it all. These cards are also in the works in other countries like Finland, Malaysia and Japan where they are to be optional. Thailand
is working on a mandatory card."

True - countries with ID cards are police state (all western Europe for example, including Holland) while countries without are free countries (USA for example, which has the highest percentage of jailed people in the world !).

Orwell message would be stronger if he wasn't used and abused all the time...

Until now, the problem was - how can you control people if you cannot identify them.

I was growing in a communist country. The state 'secret' police kept file on every citizen, containing his opinions, habbits, friends and sins againts communistic ideology. This was useful for tracing, coercing, arresting and convicting individuals. Or simply such file was used when you applied for a school or job.

For instance.
We bought cars, but somwehere in the law it said that the car remains state's property. But it was hard to trace, how are you using it, e.g. do you drive it to church (subversive use!).Can you make a car that would authenticated and started by smart card? I think, that I could engineer one in about 7 months.

I assume people are worried about being tracked... But the only places I could think of needing to use it are when you are either a) getting on an air plane or b) entering a government building. honestly, considering how often people attack those 2 places, i think the national id card is a pretty damned good idea.

That's part of the issue. It starts out needing to be used there, and then the guy who cuts your hair wants to see it, then the magazine subscription company, and then people call your house at 3AM and try to sell you something based on your card. A agree with this poster [slashdot.org] you should have a long read. Then when you say "they would never do something like that", we can all say we told you so.

Smart Cards in general are *not* bad, I use one at school and it speeds access to the information I need about my schedule/profs/etc.*

However, it's the collection and the dissemination of the data that worries me most...China can do it because it has a very weak representative body and a very strong executive body...you can almost say the same for 'most' democratic states today...

Austria for example is proposing the same thing to counter it's immigration problems, complete with Thumbprints. Austria is also 'forcing' it's citizens to use a smart card for insurance...In a pseudo socialist state this is understandable. The 'state' is paying for the insurance (via citizens' taxes) so controlling entry/exit for hospitals is important.

The question though is how long before these kinds of cards will be used for work permits (as in the case of immigrants in HK and Austria (not yet complete)) all over the world...

Futurama ref: scan the career chip and viola, you have a job...or permission to live in such and such community.

We're used to badges for entrance into companies. How long before we're using a badge (smartcard) to do anything that involves the state or it's infrastructure?

1) Compulsory ID cards only make sense if it's requirement to always carry them, and *that* only makes sense if the Police can stop anyone and ask to see them at anytime - at which point you're perilously close to a police state[1].

2) Badly implemented smart cards will make it easy for the theft of other peoples identities.

[1] Of course, Hong Kong has been perilously close (if only in geographic terms) to a police state ever since the Chinese revolution!

On the other hand, lack of ID cards can be another problem altogether.

In South Africa, for example, all banks are required by law to verify your identity during "management" transactions; that means opening and closing accounts, and any non-cash instructions which are not protected by electronic passwords (your PIN).

Many other countries have similar laws, or at least practices in order to protect businesses. Often they have to rely on identification documents which are not meant for that purpose. The problem of SSNs and drivers' licenses in the US has already been cited.

Although I value my privacy, I am more secure in the knowledge that there is additional (albeit not perfect) protection against someone giving instructions on my accounts. At the very least, a digital signature is harder to fake than an ID document!

1) Compulsory ID cards only make sense if it's requirement to always carry them, and *that* only makes sense if the Police can stop anyone and ask to see them at anytime - at which point you're perilously close to a police state

[1] Of course, Hong Kong has been perilously close (if only in geographic terms) to a police state ever since the Chinese revolution!

er... HK residents have been, for a long time, required to carry their ID cards and produce them upon demand. This fine innovation was introduced by the British Colonial Government.

"Compulsory ID cards only make sense if it's requirement to always carry them..."I beg to differ.

Compulsory only means that every citizen has to have one, so that he can identify himself when needed (either if required by law or if he chooses). It doesn't necessarily mean that it's compulsory to carry the card at all times, neither does it mean that police must be allowed to stop and ask to see it without good reason.

There are dozens of situations where it makes perfect sense to have a reliable standardized ID, to be able to identify yourself.

As an example: the US authorities do not even have the slightest clue about the status of people living in their country. I used to live in the US for a year when I was 17 years old. I had a SSN and I got a drivers license there. When I turned 18, I got a letter from the draft office asking me to register with them. I don't exactly know how they got my name and birthdate, but I assume via the drivers license or SSN registration. Fact is, I never was a US citizen. At the time I got the letter I had already left the US (it was forwarded). The US draft office knew nothing about this. It required several letters to convince them that their registration process didn't even apply to me (as a non-US citizen). The only thing that did was my (non-US) ID.

1) Compulsory ID cards only make sense if it's requirement to always carry them, and *that* only makes sense if the Police can stop anyone and ask to see them at anytime - at which point you're perilously close to a police state[1].

Huh, so in the free America, police are so clueless that they can't even identify you if you don't have any identification document with you? Having only smart ID cards only makes the process quicker and more efficient. Do you consider it a threat something that only make their jobs easier?

Of course, there is always a possibility of abuse, but considering that these people carry guns already (subject to abuse too) and there are independent groups watching their behavior, I think it should be OK in the end.

I know my opinion on this topic is unpopular to the majority of the slashdot crowd, if the comments moderated UP are any judge but I'll try anyway.

Compulsory ID cards only make sense if it's requirement to always carry them, and *that* only makes sense if the Police can stop anyone and ask to see them at anytime - at which point you're perilously close to a police state[1].

I am a belgian citizen, I have a belgian ID card with my name, address, marital status, name of my kids, picture, signature, unique ID all written on it. I am required to carry it on me at all times and any police officer is mandated to ask it from me. Guess what? I'm HAPPY about that... And belgium, perilously close to being a police state? You're kidding, right?

First, only police officers can ask it from me. No other entity has ANY right to see it.Banks ask them. No problem with that, they'd better make sure nobody but me withdraws money from my bank account.I have to show it when I go in a night club if I'm suspected to be underage, no problem with that either. I have to show it when a cop controls me (as well as my driver's license, paper to say the car passed the last safety test, that I paid my insurance,...).
That's all, it is a proof of identity and I don't see any problem with that. You don't have a God given right to be anonymous or ability to pose as whoever you want. If you don't agree that whoever you're dealing with has any right you're who you claim you are, don't deal with them!

If you don't trust your government not to abuse that kind of information, vote for people you trust damnit. The problem in the american vision (sorry to generalize) is that you've been fux0red so often by your government that you (at least the slashdot crowd) don't trust them at all. But in my book, governments are NOT the problem, you elected them. The problem comes from corporations who could potentially abuse the system. There are solutions to that: don't deal with those companies and/or have your politicians create laws to protect your information! What? That credit card company wants information? Don't live off credit...

I think our government is preparing to use the smart cards also. I am not unhappy at all about this. In what way is it any different from what I have already? It's NOT any different.

What could someone do if they got my ID card? Pose as me? They better do it extremely fast because first thing I'd do if I get my smart ID card stolen is phone to invalidate it.

What if they could extract my information from it? Big deal, what's secret about me on that card, they could get the same information by looking up in a phone book, heh. Smart ID cards are NOT credit cards, they proof of identify. That's ALL...

What you all should be concerned about is not that there is a way to uniquely identify yourself, but making sure that that information is PROTECTED, that entities can't trade that information, can't request that information...

Now, of course, It would be different if people could actually do me harm with them cards (like if they included bank information), but that is not what smart ID Cards are about.

By the way, if you want to get rid of the SSN problems, implement social security for everyone like all European countries that I am aware of have. I've never seen anyone being refused admitance in a hospital in my life, and I sure hope never to live in a country that requires me to have a special insurance to benefit from health care.

Its all about who has what information about you.
An ID card could carry your full name, date of birth. Fine, no problem with this. Less hassle getting served at the bar 8).
Now add photo and the state has a current image of almost every citizen which could then be plugged into cctv systems at political demonstrations and immediately identify people opposed to the current government. Bye Bye Freedom of Speach and hello the ability to track someone where ever they go.
Fingerprints. The government doesn't have my fingerprints and I hope never will. Imagine you were at the scene of a crime, if the state already has your fingerprints they can match anyone who was there against their database, not just against known criminals.
Genetic finger print. Think of Gattaca and the eye lash being found by the police. Immediate identification with very small probability of error. Now tie this in to :
Banking - going for a loan? Any genetic defects and they'll increase the interest rate you're paying and demand cover in case you die before its repaid.
Insurance - any genetic abnormalities and then try getting insurance. Even worse if diseases such as HIV/AIDs were included in your information.
Finally the worst part Identity theft. Government ID card is supposed to prove beyond all reasonable doubt that you are who you say you are. If you have a card with your photo on it, with your fingerprints and genetic fingerprint all matching then obviously you must be the person named on it with access to all your bank accounts, property deeds etc.
Anything I've missed?

Fingerprints. The government doesn't have my fingerprints and I hope never will. Imagine you were at the scene of a crime, if the state already has your fingerprints they can match anyone who was there against their database, not just against known criminals.

Why would you be at the scene of a crime and not want to talk to the police? Surely you'd either want to help them with their enquires, or you're the criminal. I don't see why making it harder for criminals to escape is a bad thing.

Lots of reasons. If you're somewhere where you're not supposed to be -- for instance, you told your wife that you're working late, but you're instead drinking suds with your pals, or in a hotel room with your secretary, you may not want to admit it...

Or, if the police are remarkably ineffective in your area (stubborn witnesses generally not making it to trial, for instance), you may not want anyone to know. Sure, it'd be for the cause of justice, but many folks wouldn't casually toss away their life for that if they don't think it'll make a long-term impact.

This assumes that the police force stays the same size when crimes become easier to solve. This will not be the case - all police forces have very real budget constraints, and if it becomes simple to solve a crime then the budget _will_ be cut.

The more interesting question is this - when all crimes can be solved, what do we do with criminals, given that jails are already overcrowded? Now _that_ is the question for the next century...

This is why it is so bloody necessary that governments archive this sort of data in systems or on media that cannot be overwritten. I understand the Hong Kong governments worries about crackers, because it would be very bad indeed if someone managed to get into the government database and change the information about MY fingerprints. So, in the case of a dispute, it will become vitally important that there are ways to check that database data against read-only data from another archive.

I suggest they burn LOTS of CDS, and that they put them in many places, so as to avoid problems of having their eggs in one basket.

Read the notes. There is NO central database distributing fingerprint info to the readers. Your fingerprint info is only contained on your card - all the reader does is compare your actual fingerprint against the fingerprint your card says you have. Job done. If the government wants to create a central database for distribution to gov agencies using that information, it needs a new law. In China human rights are not a big deal, but you'd never get it into law in any civilised country (and yes, I do mean by that that China is an uncivilised country which still hasn't left the Dark Ages).

Now add photo and the state has a current image of almost every citizen which could then be plugged into cctv systems at political demonstrations and immediately identify people opposed to the current government. Bye Bye Freedom of Speach and hello the ability to track someone where ever they go.

This is a nonsequitur/slippery slope fallacy. The US government already has reasonably easy access to pictures of most of its citizens, but hasn't performed the abuses you described. Just because a government theoretically can do a thing doesn't mean that it does.

Fingerprints. The government doesn't have my fingerprints and I hope never will. Imagine you were at the scene of a crime, if the state already has your fingerprints they can match anyone who was there against their database, not just against known criminals.

If fingerprints were put in such a card, I'd want some safeguards put in place so that identities would be protected during police proceedings such as you mentioned. Still, the technology side isn't necessarily evil -- why is it so wrong if your fingerprint identifies you as being at the scene of a crime? An eye-witness could do that as well. Maybe we should eliminate eye-witnesses as a matter of course to protect privacy?

Genetic finger print. Think of Gattaca and the eye lash being found by the police. Immediate identification with very small probability of error. Now tie this in to :
Banking - going for a loan? Any genetic defects and they'll increase the interest rate you're paying and demand cover in case you die before its repaid.

What if that genetic defect showed guaranteed sociopathic behavior that made it a 99.9% certainty that the loan would not be repaid? Why should a bank pay someone they know is a bad risk. They evaluate income, past repayment of loans, age, and other factors. Why not go to something closer to the source?

Btw: It should always raise a red flag in any discussion when someone starts citing a movie plot as a likely outcome of real life events.

Insurance - any genetic abnormalities and then try getting insurance. Even worse if diseases such as HIV/AIDs were included in your information.

Why should I, as a health non-AIDS getter be punished for living a healthy lifestyle? Smokers often have to pay higher insurance premiums because they're a greater risk. Why is AIDS any different?

As to the genetic identification, I have high hopes that by the time that we get sophisticated to easily sequence everyone's DNA, we'll also have good methods for fixing problems in our DNA.

Finally the worst part Identity theft. Government ID card is supposed to prove beyond all reasonable doubt that you are who you say you are. If you have a card with your photo on it, with your fingerprints and genetic fingerprint all matching then obviously you must be the person named on it with access to all your bank accounts, property deeds etc.

But right now, things are worse. Those bozos at my bank give people access to my bank accounts if they can recite my social security number and mother's maiden name! It's all about raising the bar, and putting my secret information encrypted with my PIN on a hard-to-compromise smart card would be a step in the right direction.

This is a nonsequitur/slippery slope fallacy. The US government already has reasonably easy access to pictures of most of its citizens, but hasn't performed the abuses you described. Just because a government theoretically can do a thing doesn't mean that it does.

Can, will, and has [google.com]. Lest you forget, the Constitution of the United States was written on the presumption that there's no such thing as a theoretical government ability-- and with good reason.

If fingerprints were put in such a card, I'd want some safeguards put in place so that identities would be protected during police proceedings such as you mentioned. Still, the technology side isn't necessarily evil -- why is it so wrong if your fingerprint identifies you as being at the scene of a crime? An eye-witness could do that as well. Maybe we should eliminate eye-witnesses as a matter of course to protect privacy?

Now who's succumbing to logical fallacies? What "safeguards" could you possibly put into place here? If data is available via the card, it's available. It's not like the card can ask if you're a police officer or a street vendor. And obviously nobody has a problem with your thumbprint identifying you at the scene of a crime. The problem is when my thumbprint identifies me as buying a stack of pr0n and a bottle of lube. Not that anyone would care, you rejoin... unless of course you have some public standing, or aspire to some public standing, or maybe they just don't like you much.

Why should I, as a health non-AIDS getter be punished for living a healthy lifestyle? Smokers often have to pay higher insurance premiums because they're a greater risk. Why is AIDS any different?

Because, in this age of enlightenment, whether or not you are insured can determine whether you live or die. Smoking is a risk factor you initiate yourself; AIDS not necessarily so. This is true for most diseases. You would sentence someone to death-- when medicine could keep them alive-- because it's "not fair" that they don't have to pay extra for their insurance because of their higher "risk"? That's a sad commentary on your character, man.

As to the genetic identification, I have high hopes that by the time that we get sophisticated to easily sequence everyone's DNA, we'll also have good methods for fixing problems in our DNA.

Oh. Well, okay then. If you're pretty sure we'll all be able to turn into perfectly healthy supermen by the time someone figures out what genes determine disposition to Alzheimer's... Oh, wait [nih.gov].

But right now, things are worse. Those bozos at my bank give people access to my bank accounts if they can recite my social security number and mother's maiden name! It's all about raising the bar, and putting my secret information encrypted with my PIN on a hard-to-compromise smart card would be a step in the right direction.

I have a friend who was robbed in just such a manner. Guy walked into a bank, claimed to be him, and withdrew a couple thousand dollars. I'd like to point out a few things: (1) he got his money back pretty rapidly, (2) the bank was after the guy like you wouldn't believe, (3) the bank already had a photo of my friend on file... they could have just used it, and (4) this is the only occurrance of this type of which I am aware among everyone I know. This is not the sort of story that makes me particularly inclined to centralize a great deal of personal information, or even submit to a compulsory, incontrovertible identification scheme.

Furthermore, what's the point of encryption if everyone has the key? And this is not a small system; anyone who wants the key will, eventually, have it.

> What "safeguards" could you possibly put into place here? If data is available via the card,> it's available.

I suggest you inform yourself more about PKI technologies. If your argument is that PKI is insecure, fine, that's another story. But you seem to be simply implying that there's no (theoretical) way to protect information on a card conditionally, which is plain wrong. The fingerprint could be signed with a private key that only a certain government agency holds, and access to which requires search-warrant-type authorization by law inforcement. Furthermore, this access could be on a one-time basis, using some mechanism that ensures that law enforcement cannot store this key for future unauthorized use.

Of course, all these musing merely indicate technical possibilities. In order to be legally, ethically and morally viable, they will require a whole slew of new laws and regulations to dictate their proper use. Yes, governments have proved time and again that they can (and do) screw up such things, but in the end there's no way around it. New technology does happen, and it does get adopted, so the sooner we embrace that fact and start thinking about its ramifications (legal and otherwise), the better. Historical analogies abound, just look at the wiretapping laws. Can you still illegally wiretap? Sure, but the disincentives are strong enough that it's hardly a severe problem.

This is a nonsequitur/slippery slope fallacy. The US government already has reasonably easy access to pictures of most of its citizens, but hasn't performed the abuses you described. Just because a government theoretically can do a thing doesn't mean that it does.

I believe there is a fallacy in the slippery slope argument, that does not mean all slippery slope arguments won't come to pass.Right now, most States have pictures of a large majority of the population, however, for the Federal Government to get access to them, they must follow very specific guidlines, and can only do it on an individual basis.Seperation of the States and federal Government is what gives us that protection, but things like this are eroding those protections. I do not want to see this technology implemented until amendment are added to our constitution that protect us.What if that genetic defect showed guaranteed sociopathic behavior that made it a 99.9% certainty that the loan would not be repaid? Why should a bank pay someone they know is a bad risk. They evaluate income, past repayment of loans, age, and other factors. Why not go to something closer to the source?because 1 out of 1000 people get screwed. Income, Past repayment is an example of how you have handled money in the past, not an evaluation of how you might handle money. If you bank is using age to evaluate loans, there going to be sued pretty damn quick.But I suppose that wouldn't be the real problem when they started locking people up because there 99.9% certian they'll commit a crime anyways.

Another problem you have when you implement this kind of technology with out any citezen protection is behaviour tracking.You break your routine for no real reason other then you want to. the system detects a change in your pattern, not your being "checked out" by some agency. This has happened in societies without computers, do you think it won't happen when computers will make it easier to do?

There are lots of example of science fiction becoming science fact so to say that its bad to use a movie plot as a possible outcome could be debated for quite a while.

Yeah, but those rare hits are anecdotal in nature. In order to gain any meaning in a logical argument, you'd need to show that science fiction is a statistically reliable predictor of scientific fact. My vague feeling for the subject tells me that most science fiction is exaggerated to the point of magic and wishing, so holding up any particular piece of scifi does nothing to support an argument. I agree that it can at least give you a starting point for envisioning a scenario, but all too often on/., I read where people reference 1984, Gattaca,The Running Man, etc.; as though the one piece of legislation being discussed will bring about the scenarios in these works of fiction.

So? Preventative legislation now to stop abuses tommorrow is often a good thing.

But your argument doesn't even consider the positive benefits of such a system.

That raises the whole nature / nuture debate. If you have a predisposition to an action then you are not responsible for it and therefore the criminal justice system is based on an invalid idea (free will) and should be scrapped.

Now you're talking absolutes, when I'm talking percentage chances. Besides, if our further look into the human genome shows us that actions are dictated by our genes, then maybe our current system of justice should be scrapped to make way for our new understanding.

It's all about raising the bar, and putting my secret information encrypted with my PIN on a hard-to-compromise smart card would be a step in the right direction
So what happens if your card gets stolen and you can't prove your identity to get a new one? Or is the government expected to keep a copy of all your details online?

What happens if you lose your driver's license? It's all too easy to get a new one. If the government has a better database of information for verifying your identity, what's the problem? If anything, I see a national ID card as being a way to lessen the rampant identity thefts happening today. Plus, the ubiquity of smart card readers will make things like digital cash and micropayments easier to implement.

Did I miss something, or do they not now have a copy of your thumbprint? Stick your thumb in a scanner and send the results in - instant proof of ID. They will keep hold of this information, in the same way that the information on your driver's license or passport is stored for the duration of you having a license/passport.

Now add photo and the state has a current image of almost every citizen which could then be plugged into cctv systems at political demonstrations and immediately identify people opposed to the current government.

I don't know about America, but most countries I have been to have either an ID document with a photo, or a drivers' license with a photo. Anyone with a passport has their photo on a government database.

Fingerprints. The government doesn't have my fingerprints and I hope never will. Imagine you were at the scene of a crime, if the state already has your fingerprints they can match anyone who was there against their database, not just against known criminals.

What happens when the criminal is NOT known? If your fingerprints are coincidentally at a crime scene, you will be identified as a person present. You will almost certainly be visited and questioned. Maybe you were a witness, but didn't realise what you saw (the crime happened after you left, but you could identify some other people present). Fingerprints alone are not enough to convict -- EVEN IF they are the only prints present! These has been a case along these lines in the US courts in the late 80s.

Banking - going for a loan? Any genetic defects and they'll increase the interest rate you're paying and demand cover in case you die before its repaid.

Most loan houses insist on insurance cover - its prudent business practice. And if you are really in a first world country then you'll find that discrimination on such an arbitrary basis is unconstitutional. You'll get the loan, at the same interest rate as everyone else, but you may have to pay more for insurance.

Which is CORRECT unless you have a socialist viewpoint, because you are a higher risk customer. (Disclaimer: I happen to be sufficiently socialist to think this is wrong, but in strict capatalism it isn't. Also, if you hide your actual risk, you damage the entire industry, including other policy holders, because the fund cannot adequately assess its risk).

Insurance - any genetic abnormalities and then try getting insurance. Even worse if diseases such as HIV/AIDs were included in your information.

I don't know how the US treats this sort of thing. In South Africa medical aid and medical insurance are vastly different animals. The med. aid industry is carefully regulated, and all policy holders cross-subsidised, so there is no loading of premiums based on your personal medical information. BUT you HAVE to fully disclose ALL information to the medical aid, or they can refuse to pay. Medical aids can even force you to go for tests on joining in order to determine your health, but the results cannot affect your ability to join, or affect your premiums. This is to ensure that the entire industry can correctly assess its risk.

Medical insurance is unregulated, and policies can be loaded against the holder according to his/her risk profile. Again, in a capatalist society why should you pay the same as me for insurance when you are a much higher risk (for example).

Finally the worst part Identity theft. Government ID card is supposed to prove beyond all reasonable doubt that you are who you say you are.

How do you prove your identity at the moment? "I am me"? Do you have a drivers' license, an ID document, what? And how do they prove that you are who you claim to be.

The only way to be certain is to have a birth certificate lodged with the government containing your name, a genetic fingerprint, and references to your parent's identities. And such a system is susceptible to an interal attack.

Unless the government claim the system is unhackable, there is still the opportunity to claim identity theft. As long as that option is open, this system is preferable to one where forging identification documents is limited to overcoming physical security.

Identity theft happens anyway. A well-run system of such cards (I know, how likely is that?) would make such theft less likely, not more. Now, at present, if somone pretends to be you and fools people, you aren't liable for what they do - the individuals CONNED have to eat the loss, by and large; I know there are exceptions, and it can be a pain to deal with, but this is already the fact of life for the 95% of the population who chooses to have credit cards and otherwise participate in the 21st century. IF these ID cards came packaged with legislation to make you liable for anything anyone did with a fake card, that would be a problem.

The government already has your photograph, dude. Even if they don't yet have it, if they're computer-recording the faces of people at demonstrations they can just store them and match them later.

The genetic discrimination paranoia is not really germane. This becomes a problem if the government sequences your entire genome. The markers they would need to, for example, ID your eyelashes, blood, spit and semen are not disease markers, and cannot be used to effectively predict your lifespan or anything else. Yes, insurance industry spies could sneak into government offices, and check your blood samples for disease markers. This would be far easier at the hospital which is on your insurance companies payroll. Nothing to do with ID cards.

The government already makes thumbprinting a functional condition of participation in modern society. You need to give thumbprints to get driver's licenses or state ID cards already, in every state as far as I know (feel free to correct me.)

Every time I say this I get modded down as flamebait, but - there are certain things that you don't want the government to know b/c they compromise your anonymous expression. Your photograph, for example. In the case of the photo, this issue is settled, which is unfortunate in some respects but so far it has not worked out badly. Crooks also want to keep these things secret, and we have to tolerate that as the price of our freedom.

Then, there are certain things that you don't want the government to know b/c you're a crook, and they don't provide protection for people's anonymity of expression. Your thumbprint is one of them. This makes certain forms of civil disobedience more difficult, and I have some civil disobedience running in the other window right now, but we can't structure our society based on the criterion "the government shouldn't do things that make it hard to break the law". In fact, since they're going to keep track of this information ANYWAY, we are better protected, in terms of our civil liberties, if it is tracked in the open.

You ever got a passport? To get a passport, you must send two photo-booth pictures of yourself to the passport office. It used to be that one went on the passport and the other went into the files, but these days both stay on file and the passport picture is done by a printer from a scan of the photo. So the government has already got your picture on file, unless you never go outside your country of origin (a rare situation in every country except the US and possibly Russia).

Fingerprints - well hey, I committed a crime and they can find me! Damn that's hard! Should be illegal for the cops to find me!;-) Ditto genetic fingerprints. And that's assuming that the police get access to the database for searches on crime scene data, which is not the case here.

As for genetic information being used by other parties, that information is a part of your medical records. In order for companies to use it, it'll take a change in the law in every Western country to allow anyone else to have access to your private medical records. In addition, most countries (including the US) already have bans on using genetic profiling for health insurance and similar stuff - the lawmakers and civil liberties groups saw this coming as soon as genetic research started.

And please note that this card does NOT contain any information on your genetic sequence, or details of your health record (for which there are damn good reasons for having the info immediately available, such as health workers taking special precautions if someone has AIDS).

Lastly, identity theft. Read the article. The card contains a scan of your thumbprint - to prove that you are the genuine owner of the card, you have to put your thumb on a sensor, and the reader checks your thumbprint against the one stored on the card. You are only recognised as the legitimate owner of the card if the two match. Note that AT NO TIME is there a central database of thumbprints being distributed to the readers! So this is a much better system than PIN numbers - a card and a thumb-print sensor, and it's literally impossible to fake identity. No-one can now rip off your card without having cut your hand off first!:-) So in one move, it would put an end to credit card theft.

Is there anything I've missed? Or do you not now have a leg to stand on...?

Can somebody succinctly summarize the percieved threats of a national ID Card?

Most of the proposals arn't simply "identity cards" they are also overloaded with other personal information. We already have enough problems with such things as driving licences being used for things completly unrelated to driving...Also the more information attached to a specific document the easier "identity theft" becomes.

By placing a digital thumbprint on the the card, they have made a tiny DB of the valid users thumbprint. Thus if I have a thumbprint that matched, I am that person. Add to this the visual image match of the digital picture, the picture on the card and my visage and I am feeling pretty secure.

But not rightfully so. The best fingerprint recognition software has (and has had for some time, so I don't forsee the necessary orders-of-magnitude improvements happening in the near future) a 1-in-100,000 false acceptance rate. This means to do a brute force attack against a fingerprint key, I need a library of only 100,000 fingerprints.

If DES is considered insecure with a keyspace of 2^56, then why would you even want to switch to a system with a keyspace of only 2^17 ?

Other biometrics (face, retina) are no better in terms of keyspace. Only DNA has the necessary size, and (1) Don't expect to see a device that can sequence your DNA in the fractions of a second we find acceptible for authentication anytime soon. (2) I will not submit to a blood sample to get cash out of the ATM.

Not to mention: If my fingerprint unlocks my bank account, there is incentive for someone to chop off my hand.

This (or rather the parent) is a classic example of mistaking identification for authentication. We need both for stuff like ATMs.

Aside: if you have a 1-in-100000 false positive in a system, your chances of brute forcing the system are identical to a 5 digit PIN, which is standard. You don't gain anything over current security, but you probably don't lose anything (yes, your fingerprint can be stolen. So can your ATM card with the PIN number scrawled on the back ; its not as rare as you think).

Now, combine identification (insert card, place finger on scanner, the ATM is 99.999% sure its you) with authentication (type in your PIN, which can't be stolen from you, unless you wrote it down like a complete twit), and you have only a 1 in 10 billion chance of brute forcing the keyspace.

Keyspace is only one part of the equation of security - the other part is the time taken per trial. DES became insecure by the time per trial reducing radically.

To brute-force this, you'd need 100,000 cards and 100,000 passes of trying those cards in the reader. Hmm - you reckon the person on the other side of the machine would notice?;-) (Note that I'm making the classic probability error of saying "if there's a 100,000:1 chance , then 100,000 tries will get me through" which is not correct - it may only take one try to get it, but then 100,000 may also leave you SOL)

Why worry about ID cards when we are talking about deploying security cameras everywhere? And what happens when face recognition software becomes good enough to pick you out in a crowd?

If anything, ID cards are less problematic than things that are going to happen -- the only difference is that technological surveillance measures will be put in place without our permission, cooperation -- or even awareness. If the police are tracking you with your ID card, at least they can't do this without disclosing that they are doing so.

Technology is putting this capability into the hands of government and private industry whether we will or no.

I'd support a national ID card now for two reasons. First, the issue of government abuse is close to being mooted by new technology. Second, introduction of such a card will slow down the adoption of less obvious surveillance measures so that we can consider how to to make the operators of those measures accountable.

Getting to the issues of smart cards, I think the problem is in placing too much trust in them. First of all, they have proved more vulnerable to cracking than we first thought. Secondly, the cards themselves are useless without systems around them to do things with the information on the cards, and the card holder has to be careful about trusting those systems with access to his card.

I think it is wise to avoid putting sensitive records (bank records in particular) on these cards, at least at the outset. Concentrate on tamper proofing them, and let organized crime get a few years to crack them when they are relatively less critical. At some point in the future we can make a more informed decision about how much to trust the cards and the systems they interface with.

Actually the article states that we already have one, as we do, the HST card. (Personal Electrical Identity or something like that in English.) It just hasn't got that many users, as there is so little real use for it. Most authentication mechanisms in the web are based on credit card number or internet banking service id, and the government itself has been a slow adopter. Also the card costs more than a normal id card, and expires in three years (which of course is a good thing in itself). I think somebody suggested that if for example tax forms could be returned via a HST-certified web system, we'd see a lot more people getting interested.

Anyway, more information can be found from the Population Register Centres Electronic id card pages:http://www.fineid.fi/default.asp?todo=setl ang&lang =uk

According to AT Kearney [foreignpolicy.com], Finland has the highest combination of personal freedom + lack of government corruption in the world. Denmark, the Netherlands, and New Zealand also get slightly better ranks than the US.

I must agree. I work with a lot of Finnish people in my daily work and have travelled to Finland on occasion for business.

My best reasons for wanting to move to Finland:
1. Personal email received through your workplace is personal. The company can't sniff your email and spy on you.
2. Your workspace cube at the office is private. Stuff doesn't disappear when you leave it on your desk.
3. Finnish women

And when I feel bad about going to Filand there's Koskenkorven and Salmiakki to drink. But hopefully with a Finnish woman.

..IMHO by nature would be more accepting of this type of technology. For thousands of years asian cultures have been about the sacrifice of the individual for the whole, so it really doesn't surprise me that this kind of card would be generally accepted, if not eagerly accepted as a fundamental tool to make the system better.

Asian cultures IMHO by nature would be more accepting of this type of technology. For thousands of years asian cultures have been about the sacrifice of the individual for the whole...

Not really the sacrifice of the individual so much as the greater good of everyone else. This is a very important concept, becuase it means that these cards won't be misused in the same way that they would be in the US. In countried like, say, Japan, even relativly large corperations are held to a firm moral code. It doesn't always happen perfectly, but usually when a company steps out of line and shows it's dark side, it can and will be severly damaged. Not just lost profits too, but also in what parents tell thier kids... the damage can last for generations.

My best friend is Japanese as is his family...and I've been exposed to all sorts of asian culture. Granted asian culture is more "modernized or westernized" but the core beliefs have carried over the generations.

Kind of like in America where we're supposed to be about freedom and equality yet our culture rarely shines in these areas. We hold the truths even if we don't practice them, and they do have impact on our lives.

Once the first card reader is compromised, or even if someone just reverse-engineers the chip, the whole system is compromised. Once bank information is on them -- and I have no doubt that that bit of the proposal is only on hold, not really dropped -- how long will it be before someone builds a remote reader that can pull info just by walking within a few feet of one?

As of right now, card readers (all of them can also write) are not that expensive, the security comes in the form of encrypted data on the card. It would be about as difficult as decrypting an SSL session to get the data from the card.

No, they're in another smart card chip (called a Secure Application Module or SAM) which should have its own protocol for authenticating the user of the reader and should also peridodically require a status check with a central host (which has other keys which secure the authentication with the SAMs) or they shut down.

I don't know if this has actually been done in the Cyberworks solution for HK, but it's not rocket science and it's standard practice in the smart card industry.

how long will it be before someone builds a remote reader that can pull info just by walking within a few feet of one?

I really doubt this would be an issue. The smart cards have no power supply nor do they have a radio transmitter. It would be extremely difficult to remotely power a device and remotely sense extract data from the device. You could possibly extract information from a reader when the device is in use, but it would be much easier to set up a fake reader to do this rather than doing it remotely from a real card reader.

This is similar to problems faced with ATM machines. A few years ago people started setting up fake ATM which would capture your ATM card info and PIN and then return an error. The crooks would forge new cards and clean out your account. No need to sniff data from working real ATMs when people would use your bogus ATM.

Okay, I live in Hong Kong. Actually that's not the worse part, as serveral ppl has mentioned, we would not mind carry such card around, since this is required by law to carry one around(smart or non-smart one, just like the SS). The problem is the way that they choose the vendor, who ever get the lowest price got it. The problem is the vendor who bid the project, Pacific Cyberworks [pccw.com] is not well known on such technology locally. They claim they can finish the whole thing within 18 months cycle, which if you think more about it, it's a ridiculous short time frame. Not to mention their bid is half of the second lowest bid. That makes me have a really bad feeling that the security on such system would not be throughly tested at all.
sigh...

how long will it be before someone builds a remote reader that can pull info just by walking within a few feet of one?

Tell me, my good sir, how is that remote credit card reader working out, the one that can read credit card numbers from wallets from many feet away? And just the other day, someone stole my driver's license information from that magnetric strip, just from having a magnetic strip scanner... in their pocket! Moderated as insightful, nice.

There are many potential concerns about privacy and security, but not remote readers - let's stay out of science fiction and in the real world.

Once the first card reader is compromised, or even if someone just reverse-engineers the chip, the whole system is compromised

This is unlikely to be true. The simplest of systems will have all data readable but signed by a government certificate. Compromising the system will involve cracking the government key.

how long will it be before someone builds a remote reader that can pull info just by walking within a few feet of one

You should probably do some reading into smartcard security. Smartcards are not easy to crack, which is why they are so useful in secure transactions. It is possible to be sneaky and get (say) a DES implementation to leak a few bits in laboratory conditions, enough to weaken the cipher but not crack it totally. You are also likely to render the Smartcard data useless in the process.

Honestly I don't see the point of making the data hard to retrieve. The whole point is to have your details available for verification: here, this is me, and I have a government signed card which contains my photo, fingerprints, etc to prove my identity.

My biggest worry about these cards (since South Africa is also considering jumping on the bandwagon) is that big business will start using them for authentication in addition to validation... at which point the system goes to hell. I need to identify myself with this card, but authenticate myself using some secret which can't be physically taken from me.

Most of this stuff is protected by a PKI infrastructure. Other things like your picture are in the public section; since the picture is also shown directly on the card, I don't think you'll lose anything more here if your card happens to be stolen. The only scenario that your bank information is leaked when someone gets ahold of the card and the bank's private key.

Once the first card reader is compromised, or even if someone just reverse-engineers the chip, the whole system is compromised. Once bank information is on them -- and I have no doubt that that bit of the proposal is only on hold, not really dropped -- how long will it be before someone builds a remote reader that can pull info just by walking within a few feet of one?

Have you ever worked with smart cards? Do you know what a smart card reader is? It is simply an interface between the smart card and another system. It has no, I repeat NO intelligence. There is NOTHING TO CRACK in the reader.

What do you mean by reverse engineering a chip? In a properly designed smart card system the bad guys can get ahold of all the cards (initialized or uninitialized) they want and they will not be able to "compromise the whole system".

Even if you somehow managed to extract the keys from one card, that is all you would have, one card. You would have go through the process again for another card. BTW, extracting the keys from a single card is estimate to cost $300,000 or more. It is not something that can be mass-produced.

A remote reader is only useful for contactless cards and only in certain situations.

I work with smart cards everyday. I work for one of the teams that bid on this project. Not the winning team:( . I am only flaming the parent post because it is spreading lies and for some reason has been modded it.

It is certainly possible to make it *extremely* difficult if not impossible to get a private key out of a smart-card. The NSA did it with Skipjack in the early nineties.

Techniques specific to cracking a smartcard have undone this work. If one knows the encryption algorithm used by the card and the hardware used to implement it, then because the card reader provides the card with power to do its computations, the power-demand-vs-time information gained by the reader can be used to reconstruct the key stored in the card.

All 15 of the AES submissions are vunlerable to this attack. Moral: never stick your smartcard in an untrusted slot.

Techniques specific to cracking a smartcard have undone this work. If one knows the encryption algorithm used by the card and the hardware used to implement it, then because the card reader provides the card with power to do its computations, the power-demand-vs-time information gained by the reader can be used to reconstruct the key stored in the card.

All modern smart cards defeat simple power analysis and most of them defeat differential power analysis and a variety of other side-channel attacks as well.

How? It's not that hard.

Defeating simple power analysis (watching the power consumption for one run through the encryption) is easy, and cards fixed this problem quickly -- just install a capacitor that buffers the power consumption. In theory, enough buffering can completely smooth the power consumption curve and defeat all power analysis, but as Paul Kocher (inventor of power analysis) found, in practice if you run the card through enough cycles and apply some math to the results you can still extract the information. This is differential power analysis.

There are a wide variety of mechanisms for defeating DPA. Some focus on protocol design, ensuring that the same data is never encrypted twice, or limiting the number of times that a particular key is used, by doing most work with session keys established during an authentication protocol, counting the number of failed authentications and refusing to operate after a small number of them. This does enable a DOS attack, but that's less damaging to the system as a whole. Other approaches focus on the cryptographic algorithms, exploiting nuances of their structure. For example, some IBM researchers discovered that they could inject randomness into DES calculations, XORing random numbers with the values in the computations at certain points and then XORing again to remove the effects. The result is randomized power consumption, without compromising the consistency of the results. A 3DES engine built with randomized DES is immune to DPA. The current direction anti-DPA technology is less technologically sophisticated but just as effective: A hardware encryption engine. Because a hardware 3DES or AES engine performs its computations in such a tiny amount of time, and at such tiny power consumption, a very small capacitor can complete buffer the operation.

Many other side channel attacks have been defeated as well, mostly by shielding the chips with heat and power-conductive sheaths.

It's interesting to note that public key cryptography in smart cards *is* still vulnerable to power analysis, in most cases even to simple power analysis. PK cards use a hardware coprocessor, but the process still takes time, and that makes SPA/DPA possible.

Cards are not 100% secure, but nothing is. Current best estimates are that a modern card that incorporates all of the current security features would cost approximately $300,000 to break. All good designers of smart card systems understand that, and take various precautions (which I won't go into here) to ensure that the compromise of one card does not compromise the entire system.

I agree only an idiot would roll it out without verification. However finger prints are already stored on the card, so if you can figgure out how to read the card you can get the scan of their fingerprint.

Some old ATM cards held the pin number (unencrypted appearently) and there were folks who managed to figgure out how to change them. Not sure if it still works that way.

Of course not knowing how the fingerprint is implimented I really can't say if this is a problem or not - the card could use the stored fingerprint as verification, that is if you don't present a matching print it would let you at the data. Or other ways to secure this.

This government learned nothing from the USA's abuse of the Social Security number, this is much worse.
ID cards are have been mandatory in Hong Kong for a very long time - they were just not "smart" yet.
Identidy theft/number abuse is NOT a problem.

My state legislator lives down the street from me and his children go to school with mine. My senator has a house in a gated, guarded community in a very rich area of the the state, and is usually behind locked doors in Washington DC anyway. The people who work for John Ashcroft have no accountability to me whatsoever.

Creating a government necessarily means making a mutual agreement to give up some freedom for the greater benefit of all, but the smaller the unit of government, and the closer it is to the governed, the easier it is to monitor abuses and correct errors of course. That's why, although a drivers license issued by a state government carries some risk to freedom, it is not intolerable. Link that drivers license into a nationwide biometric database though and you have another kettle of fish.

well im sure everyone is thinking somewhere along the same lines of security issues with these cards. What will happen if someone is able to sucessfully duplicate an individuals card. The information has to be kept somewhere, and if that database ever gets hacked, say goodbye to everything - credit card numbers, back account information, health issues that could arrise from having all your health and medical conditions kept on this one card - - On the plus side i'm sure there is going to be lots of bounus to the card as well. Bac kto the medical reasons, anyone that carries their card could have all the treatment proceduers for that "rare life threating disease" they may have. I think it would be a major toss up, the list of pros and cons could go on for a very long time.

I lived in Hong Kong for 18 years; everyone over the age of 16 has to carry an ID card, with your ID number, photo, name, and date of birth. The ID cards are also proof of a right of abode in Hong Kong, like a birth certificate in the UK.

So this change is limited to putting a smart chip in a card people already carry.

Not that its not dangerous -- there are a whole load of risks associated with people not knowing what information they are giving up whenever they show it (though there are laws about who is allowed to request it), as opposed to a print-only card where its obvious what you are showing.

On the other hand, if you must have ID cards and strong authentication of individuals (which I do not think is a good idea), smart cards can actually help individuals maintain their privacy when implemented with that goal in mind.

The reason smart cards can be good for privacy is that they allow data to be kept out of central databases. If you must use your fingerprint to authenticate yourself, it's much less intrusive if, at least, the government has no record of your fingerprint other than the one you carry in your pocket. The card can be designed such that it performs all of the fingerprint validation and never under any circumstances reveals the template (of course, the reader that scans your finger could store it in addition to giving it to the card, so privacy needs to be a goal throughout the process). Further, smart card systems can be (and all of mine are, by default) designed so that while you store a wide variety of different kinds of information on one card, the data are still separated and one agency does not have the ability to read data written by another agency. Even if your driver's license, medical record, credit card and passport are all on one card, that doesn't mean that the police and immigration officials can read your medical history or that the doctor can see how many tickets you've received or how much money you have.

The technological protections that can be put in place are quite strong, whereas any semblance of privacy in a central database system is (must) be provided by policy, which is entirely too easy to change, or for an unscrupulous individual to simply ignore.

I don't know whether or not the Hong Kong system has put these protections in effect. I worked a little bit with them (Hong Kong) as part of IBM's (failed) bid to be their technology supplier for this system, and IIRC, there was some concern among the different departments in the government that the other departments should not have access to their information. I think that if IBM had won, we would have implemented appropriate firewalls between the data elements, but I have no idea what the winner has chosen to do or what direction they've been given by the Hong Kong Immigration department (which is the entity issuing the cards -- I suspect they're mainly trying to combat forgery of IDs by people from the PRC who want to work in HK).

BTW, I don't speak for IBM and they don't speak for me, etc., etc., #include <disclaimer>.

In South Africa we have a national identity book. It it your proof of citizenship and contains ID number, photo, name, date of birth, drivers' license (although we now have a separate card for that), gun licenses, and voting record (as in it and you are stamped when you vote, nothing the fact that you voted, but nothing about the vote).

This identity is the basis of identity validation for most significant accounts and policies, including banks, insurance, etc. It is also a cornerstone in the prevention of fraud.

There are a large number of authors who have mostly debunked the privacy argument as fantasy. Their argument is very good, and I think a number of parallels can be drawn between the approaches to (logic behind) the no-identity-cards stance and the DRM stance.

If "information wants to be free", as so many proponents on/. argue, then how can your identity be excluded from this freedom?

The primary argument about DRM is that there are valid uses that DRM will limit, and that recourse to law is and should be the correct way to deal with Copyright transgressions. Copyright is a right permitted by the public and there must be restrictions to prevent its abuse by Copyright holders.

So too privacy is a right permitted by the public. When you walk into the street, someone can identify you, and tell whoever they want. You cannot prevent them from doing that. The correct way to handle this is not to restrict information, to have rights management on your identity; it is to have proper safeguards in place against identity abuse.

And no one in the US who's proposing mandatory id cards considers the fact that one of the first implementations comes from a communist country. Yes, Hong Kong was once British territory and their governement probably hasn't changed that much, but they are still under communist rule. This is a TRUE example of 1984, just a little late.

My concern for the people of Hong Kong is less about theft than government control. I hope our representatives are watching closely the actions of the largest communist country in the world. I can't wait to hear a politician say "Well if it worked for China, why not here?" My biggest fear comes from our country eventually attempting the same thing here and how similarly it'll probably get abused by the government.

Communist countries have had identity cards in the form of booklets for an extremely long time. You can bet that the citizens of China all have identity cards (apart from farmers who are a sub-class without any right of movement). Post-communist countries continue to have identity cards. The roots of identity cards/booklets go back to Czarist or even previous times, authoritarian regimes have almost always required subjects to carry internal passports.

An identity card is basically an internal passport, proves who you are and gives you access to certain areas/services or prevents police harrassment.

And from living in a post-communist country I can tell you how much of a bother they are. You can't get anything 'official' (tax, etc.) or 'semi-official' (bank) done without one even though fraud is just as easy to commit.

I think one of the biggest problems will be that of forged cards. If the cards are going to be trusted absolutely, which the article implies by saying that you will be able to enter and leave HK using the card at a kiosk, no human oversite, then if a sucessful forgery is made, all cards become untrustworthy.

They don't describe how the system protects against forgery, but the do talk about information only being stored on the card. No central database to check against. This seems rather unsafe to me and a poor way to implement an identification mechanism.

I know what asymmetric crypto is, and I can imagine a number of ways that you could build a relatively secure system. It has just been my experience in practice that these system aren't implemented correctly or target the wrong threat model.

I'm not questioning whether a system could be devised that would prevent forgery or other exploits, but whether or not this system is designed to handle this, and how whether the system will fail safe. Too many systems are not designed fail safe with respect to security and windup being wide open when a new type of attack is discovered.

If the card is stolen, officials say the data on the chip can't be easily retrieved.

A few notes here:

1) Why would the data have to be "retrieved"? Is the person whose card was compromised at some loss here? Will he forget his hair color? His age? I don't think so.

2) Database? Surely if this information is used for emigration purposes (to speed up entry into the coutry, as per the article), it must be checked against a database of the same information. Backup anyone? Just go get a new card. No need for retrieval.

I could be missing something blazingly obvious, but I just don't see it. Why any concern at all about retrievability?

From what I can see on the picture (not clear), the cards are standardized "smart"-chip cards.

These have been cracked, almost trivially, by a French hacker a year or two ago -- the models he cracked were bank/ATM cards.

All in all, I fail to see what the fuss is all about. Dealing with Chinese police is not easy, but this is not a surprise for most users, is it?

If such a card was introduced in, say, the European Union, citizens would probably have the right to:

A. Refuse to show your card or swipe it in a card reader unless the person in front of you could produce reasonable evidence he/she is works for a law enforcement agency. That excludes giving your card to a merchant in order to buy something, for instance.

B. Access all data which is contained on the card, and requests modifications and/or removal of sensitive information.

I am almost certain that the legal protections detailed above would be respected in a court of law, and enforced by the European Court for Human Rights.

Of course, that type of legal protection is only available in the EU, and not in Hong Kong. Or in the USA, for that matter...

So, on one hand, there is a chance of Big-Brotherish abuse... or a chance of ID theft or false-ID flood. Pick your poison. Fun future ahead for Hong Kong residents.

Umm... "standardized 'smart'-chip cards" !? Okay, a standard smartcard has a chip, which has ROM and RAM. Onto this standard smartcard you load your program, into ROM. The program is application specific. There is no 'standard' for a "bank smart card", or an "identity smart card", or any other sort of smart card.

There are some standards for application interfaces, such as the new standard which will replace credit cards. And no matter how easily it could be hacked, its a heck of a lot harder than reading a credit card number off the front of a card.

From the CNN article: If the card is stolen, officials say the data on the chip can't be easily retrieved. This is probably not true. Check out:

Tamperproofing of Chip Card(s) [infowar.com] - abstract: There are two ways of attacking smartcards - destructive reverse engineering of the silicon circuit (including the contents of ROM), and discovering the memory contents by other means; a well equipped laboratory can do both. Persistent amateurs have often managed the latter, and may shortly be able to do the former as well.

Tamper Resistance - a Cautionary Note [cam.ac.uk] - abstract: An increasing number of systems, from pay-TV to electronic purses, rely on the tamper resistance of smartcards and other security processors. We describe a number of attacks on such systems - some old, some new and some that are simply little known outside the chip testing community. We conclude that trusting tamper resistance is problematic; smartcards are broken routinely, and even a device that was described by a government signals agency as `the most secure processor generally available' turns out to be vulnerable. Designers of secure systems should consider the consequences with care.

With any cryptographic system, it all comes down to one concept: time. With enough time and resources, these cards CAN be broken, overwritten, you name it. We have seen ubiquitous evidence [distributed.net] that even the strongest cryptography can be broken in time. HK is planning on using these SmartCards as digital passports. "Smart card holders will speed through Hong Kong immigration, using self-service kiosks that match digital biometric data on the card against the cardholder's fingerprint image read by a scanner."

The scariest part, for me, is that HK is setting a precedent. And it won't take long for other countries to jump on the bandwagon.

The scariest part, for me, is that HK is setting a precedent. And it won't take long for other countries to jump on the bandwagon

Oh! Mortifying! They're going to check your identity at customs!

I am from South Africa. I have travelled to the UK, Italy, and the USA. ONLY in the USA was the magnetic stripe on my Passport swiped. ONLY in the USA were my details entered into a computer system while I passed through customs. ONLY in the USA was I forced to provide contact number for my employer, place of residence, etc to enter on a business VISA.

In all other countries my passport is checked, the VISA checked, and I am given a cursory glance to ensure I match the photo. No record of my comings and going is taken.

A DNA identification system would probably be best. You do not need to carry a card, or remember some arbitrary number. It would be very difficult for someone else to impersonate you.

The real problem is in how much information should be allowed to any given individual or organization, and how long that information is kept on file. Its one thing for a Bank to learn that you have a history of defaulting on loans. But does a bank really need to know that you were arrested for Possession of a Controled substance and spent 2 years in Prison 15 years ago?

ID's should not be smart. They should only give you enough information that you can positively identify a person and gain access to the information. DNA ID could do that, and if the control of DNA reading equipment was very tightly regulated, there would not be many chances for abuse.

This government learned nothing from the USA's abuse of the Social Security number

Well, what we learned is that a publicly available identification number shouldn't be used as a password for banks, credit card approval, etc.

We didn't learn that it's necessarily bad to have a national ID.

Personally, I don't see what's wrong with having identifying information on a fairly secure smart card.

Now, being required to carry it everywhere would be a bit more of a hassle than I'd want to endure, but then again, AFAIK the police here in the states can take you in for minor infractions if you don't have any identification on you.

These are just pilot projects for the one-world government to iron out the kinks before giving all of us these IDs. You KNOW it's the truth! The only way to protect youself from the mind-reading space-stations is to buy one of my Open-Source shiney foil hats.

Don't bother calling, just think of your credit card number REAL hard and we'll direct bill it right away...

This government learned nothing from the USA's abuse of the Social Security number

Pull your head out of your computer and look around for a while. The Hong Kong politicos learned a great deal from the US system. They learned that people are sheep and will take anything if you slip it in slow enough. They learned that if you promise bread and circuses that they will even help you insert the object. They learned that once a system has been in place a while that the people will accept the reduction of their citizenship to chattel as gospel and a requirement to efficient government. They learned that an overbearing central government can be made stronger and more power delivered to fewer people if the people are reduced to interchangeable numbers. But most of all, they learned that people are sheep and will respond well to an idiot smiling about being reduced to a statistic. ("See, I got my check. Isn't the government so nice to give me money for nothing. What do you mean the government had to take the money from someone else? The government doesn't have to do that, 'cause the government can MAKE money")

How can you begin to think that the other countries would not pick up on these valuable lessons that the US government has provided for the world.

Business transactions require that you uniquely and unambiguously identify individuals. There is no way around that. The only question is what kind of identifier you use.

The US has chosen social security numbers for its globally unique identifier, just about the worst choice you could make. As a consequence, identity theft is rampant in the US, as are administrative snafus. Also, the US spends enormous amounts of money on border patrols, employment verification, and immgration status verification, when a secure ID card would solve the problem much more cheaply and reliably.

The way to fix the problem with SSNs is not to go back to the middle ages and pretend that you can get by in a modern society without a unique identifier. Rather, we need secure, unforgeable, globally unique identifiers. And smartcards are the most promising and least obtrusive way of doing that.

Unique, difficult-to-forge credentials and identifiers are in your and my interest. They aren't in conflict with privacy and security, they support it. It's time that the US gets with it.

How come the goverment (I assume the original article is US centric, because of the example of social security numbers) wants to brand its citizens and keep track of them in a typical big brother fashion? I can't see any problem with the technology, I would love to have it so that it's hard to forge these types of IDs and I would love to lessen the number of cards that I have to carry. I already have a "version number" since I live in Sweden and I have a so called personal number (personnummer, I unfortunatly don't know a better translation).

I am not going to go into any kind of US bashing, as that works against my goal here. I do on the other hand want to ask you why you have all these fears, and what kind of goverment that is in power. I would have expected this kind of behaviour from the Taliban, The Stalin Sovjet Union, the Stasi in old East Germany, or from fictional settings such as Farenheit 451 or 1984. Is this also going to be the reality in todays USA with the SS, NSA, FBI, CIA, AOL, DIA, etc acting as SS, SA, Stasi, KGB, GRU, etc?

Hmm, I don't think I will really change anything with this rant, but maybe the few of you who read it might think about it. Agree with me, disagree with me, have opinions, but first and foremost, think about what freedom really is, and how to sustain it.

As a high-level Monex employee once acknowledged to me, it is obviously physically impossible to guarantee anything about hardware, basically anything that can be hacked will be hacked. So they have a system I was told that assumes cards are periodically updated.

If hardware is faulty Hong Kong will have to replace every card physically, ignore the problem, or try to do an online fix.

I think it is a pretty good bet that those readers, possibly when provided a suitable crypto key over the network, will be able to update the smart card software to the extent possible.

Also, if someone trashes a card they are going to be able to get a new one. Presumably they will have to show up at a government office in person with fingers attached if their card stops working.. Plenty of room to work the system at plenty of points it would seem.

Hong Kong is regularly hailed in business newspapers such as the Wall Street Journal as the freeest place to do business. And before Hong Kong, countries like Taiwan, South Korea, Malaysia and other asian despotic nations with a democratic facade were high on the charts.

Just finished watching Schindler's List last night (I recorded it in 1997; this is the first chance I've had time to watch it). I was particularly intrigued with the portrayal of the Germans as an extremely efficient data collection machine. So much easier to round up those who offend you if you have good records to go by.

This appears to be the first step in Hong Kong to crack down on those who continue to flaunt the Chinese ideological line. It's so much easier to keep your harassment of political dissidents out of the public eye when you have names, addresses, etc.

And anybody who voluntarily participates in such a program should really stop and think about the ulterior motives behind the government -- any government -- maintaining an ID database.

Seems to me one of the biggest problems with using one of these cards is that all of the information is available to anyone who scans the card for any part of the info on it. Say I go to a club, and instead of having a bouncer look at the ID, the club makes me run it through a card-reader of some sort. How do I know that they're just taking my age and name off the thing, and not my name, age, address, phone, blood type, and all the other info I don't think they need?

It would be cool if the cards had some kind of method to block off certain parts of the info. Like if you squeezed a spot of the card for two seconds, it would open up the address and phone stuff for the next sixty seconds. If you squeezed another spot, your medical history stuff would be available. The default state (no squeezes) would just reveal name, number and age.

Obviously someone could just squeeze it before the scan it in a surreptitious manner, but that's not really my point here. You could work the interface any way you wanted - maybe a second card that links to it and you squeeze that one, so bouncers can't make changes to their access. If you could give people a way to control the info coming off of their cards, the potential for privacy invasion (while still there) would at least be reduced.

The chips used is a passive one - i.e. it'll be powered by an electrical coil (passive) that reacts to nearby electrical fields. In brief, they should have used active data protection, the passive one is already known to have some security issues. However, they simply don't listen, they just want to do it quick, and don't care the rest.

E.g. anybody could easy deactive the ID card by challenging the authentication system while the victim passing by. The problem is that the ID must respond to challenge because it's just a passive one. If the challenge failed the ID card will be deactivated, if it succeeded.....one just need to put that kind of 'challenger' in a crowdy area, like outside cinema, to cause mass deactivation, or gain access to many IDs.

The active one would decrease the chance of it happening, though it's not 100% safe, well nothing is.

Another system built with half-clue is E-Cert [hongkongpost.gov.hk]. The Hong Kong Post Office wants to become a root CA and they are issuing CAs since last year. It uses 1024-bit key, sounds good.

Except that no one in this project has an idea of key management, or CA distribution. Their root CA is not embedded in common browser like Netscape or IE. Say when you reach a website it says 'the CA of this server is said to be issued by Hong Kong Post Office, but we have no way to verify it, click yes to trust this CA'...The whole point of issuing CA is defeated.

... what I find scary was that the company for whom I worked for at the time sent me to Hong Kong back in 95 to show them a biometric identification system.

It was a system similar to INSPASS, only it did NOT offer a 14 character OCR-B/passport-like encoding of the Hand Geometry, but instead had on a GemPlus card both a facial and a fingerprint image.

Of course, having several former Hong Kong natives on my development team, they warned me that it was likely that we wouldn't "sell" the system... but rather give them opportunity for reverse engineering.

The demonstration was very interesting. It was at their version of "Customs" department. Most of the individuals we came into contact were warm, friendly and knowledgable. However during the actual demonstration, there were a couple of very cheap suits (unusual for Hong Kong) in the back of the room, asking questions in Chinese.

No surprise when the hardware we sent over got hung up by their "Customs" for several weeks before it came back to us. I sure hope they didn't get too pissed when I low-level formatted the hard drive before we left the country.

I'd be very interested in seeing the system now. They had at the time asked some questions like, can we use it to trigger a door lock... a design version that was essentially a glass man-trap.

Later that day, I visited with a missionary who just got out of prison for smuggling Bibles into the mainland. I cried when Hong Kong was turned back over to the Chinese.

It was one of the most beautiful and intriguing places I had ever visited.

It's call trial-and-error. The point is that the system of a single ID card itself is a bit on the flawed side, wouldn't you say? what if you left it at home accidentally? What if you lost that one ID card? You're screwed. There's wayyyy too many variables in the equation.

The question is more that: Has anybody found anything in which the Hong Kong government has addressed the fact that this didn't work in the states and are they prepared to give any reason why it failed and how they're going to avoid it? Because if not, this isn't ethnocentric, it's practical. If the United States tries to win a Land War in Russia, people screaming "Jesus! Didn't you pay attention to Hitler Germany or Napoleonic France???" wouldn't be accused of being Ethnocentric, would they?

Hong Kong has had mandatory ID cards for quite a long time now. They're mainly used for proving your identity to officials who ask, although in theory anyone can ask to see your ID card as proof that you are who you say you are.

Current ID cards (You can see one at http://www.sgowdy.com) have a bar code which can be read by some scanners at border crossings. Hong Kong has borders/boundaries with Macau and Mainland China which Permanent resident of HK can cross at will, with a swipe of a card. This system is aimed at speeding up access across border points like this, in particular a tolled border crossing bridge in Deep Bay. The idea is that a single swipe will prove your id, show you've a right to go where you're going and that you've sufficient residency to stay there.

It isn't some gibbering paranoid loon conspiracy which some posters are claiming it to be.\

Just because a country isn't a carbon copy of the US doesn't mean it's a paranoid dictatorship.

(BTW, it's the US has V-Chips, a fundamentalist Christian president and plans to nuke anyone who disagrees with it.)

So if have a WI ID, and I get stopped in FL, It won't take an hour to get my information?

I don't see a problem there. Politics is about leveraging. There needs to be a central database for drivers licenses, and the government should be allowed to SELL THAT INFORMATION!

That's right. Why?
1. The bank you got your car loan from already has that info, AND Charges you interest.
2. The insurance company already has that info.
3. The car dealer already has that info.
Can you think of any more? We ALL HAVE to pay taxes, so why don't we allow the one place that WILL ALWAYS CHARGE US to get additional income instead of the places that we don't need to buy from?

End Rant.

End of the world people: You won't be any safer, or have any more privacy, having personal information spread all over. And I bet every one of you have nothing more than a simple deadbolt (and maybe a chain) on your door. Practice what you preach.

Sure, I've got a chain on my door, and a deadbolt. Is that enough? Well, maybe not. So I have a Desert Eagle.50. Unfortunately, there is no equivalent to the Desert Eagle with the smart cards. Someone breaks into my apartment, I have it covered. Someone breaks into my smart card (maybe with wireless-only access to the card) or tracks my whereabouts for malicious purposes, then what? How can I proactively protect the information on my smart card? And so it gets a little bit cloudy. I am fine with a database of all our whereabouts and activities if it protects anonymity.If we had this database, and could use heuristics to determine if people were dangerous (eg, I just purchased three key ingrediants to an explosive and then a plane ticket. Have security give me an extra thorough check) that seems good. If someone can pose as me, that is no good.Maybe it all comes down to random number generation. As long as the card's encryption is based on pseudo-random numbers, it is worthless.

With our losses of GBP£8bn per year, this sort of system could be used to help reduce benefit fraud, illegal immigration, monitor health service usage...

How do you design an ID which is cheap enough to issue to 60 million people. But hard to forge? Even if you have system where the ID is simply a key to a database how do you then ensure that the database is secure? Especially if you only have one database used for everything...It's quite possible that this will deter the casual criminal whilst making things far easier for organised crime (including terrorism).

The problem with 1984 in applicatation to the Western world is our economic system. Business controls more of your life than government does. Maybe, depending on how the ID system works, government could revoke your identity. There's nothing stopping them from doing that already. But government can't force business to freeze the bank accounts of all political opponents, can't make all private security companies turn a blind eye, etc. Only if government has complete control of all aspects of life, can it impose a 1984-like control on you.